Our Goals
Goal: Modify Unix to make it more resilient against attack
POSIX delineates three things:
Things we cannot (should not) change in Unix
Things we can change in Unix
Things which are... left as undefined/unspecified
But there are also other standards, and "de facto" behaviours ...
We must be careful
Our goals:
1. Do not break the behaviours that programs DEPEND on
2. Change anything else which makes an exploit author cry
3. Insignificant or low performance hit
What follows is a list of such mechanisms...